[krbdev.mit.edu #8764] get_creds can add redundant cache entry for referral ticket
Greg Hudson via RT
rt-comment at KRBDEV-PROD-APP-1.mit.edu
Wed May 22 12:42:31 EDT 2019
https://github.com/krb5/krb5/pull/912#issuecomment-494860167
demonstrates another case where we can see a duplicate: when copying a
ccache containing a cred with the referral realm in the service
principal, krb5_cc_store_cred() will store a duplicate.
Since this ticket was filed, we implemented functioning remove_cred for
all ccache types, although the FILE implementation only hides the cred.
krb5_cc_store_cred() has a remove_cred call when storing the ticket
server cred (mistakenly left behind by commit
7783054742ddd807f7b2f7157d6ed81b7fb614eb) so the visible symptoms of
this issue are no longer present.
More information about the krb5-bugs
mailing list